From 2cc4303bbc9d322fa1e448dcd0a7ee724ba87604 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@fedoraproject.org>
Date: Mon, 25 Feb 2008 19:50:42 +0000
Subject: [PATCH] - ftp: don't lose track of a descriptor on passive get when
 the server     fails to open a file

---
 krb5-1.6.3-ftp_fdleak.patch | 67 +++++++++++++++++++++++++++++++++++++
 krb5.spec                   |  6 ++++
 2 files changed, 73 insertions(+)
 create mode 100644 krb5-1.6.3-ftp_fdleak.patch

diff --git a/krb5-1.6.3-ftp_fdleak.patch b/krb5-1.6.3-ftp_fdleak.patch
new file mode 100644
index 0000000..7a9272b
--- /dev/null
+++ b/krb5-1.6.3-ftp_fdleak.patch
@@ -0,0 +1,67 @@
+Don't open a new socket without closing a possibly already-open one. RT#5597.
+diff -uNr krb5/src/appl/gssftp/ftp/ftp.c krb5/src/appl/gssftp/ftp/ftp.c
+--- krb5/src/appl/gssftp/ftp/ftp.c
++++ krb5/src/appl/gssftp/ftp/ftp.c
+@@ -196,7 +196,7 @@ char *
+ hookup(char* host, int port)
+ {
+ 	register struct hostent *hp = 0;
+-	int s;
++	int s, t;
+ 	socklen_t len;
+ #ifdef IP_TOS
+ #ifdef IPTOS_LOWDELAY
+@@ -274,8 +274,13 @@ hookup(char* host, int port)
+ 	}
+ #endif
+ #endif
++#ifndef _WIN32
++	t = dup(s);
++#else
++	t = s;
++#endif
+ 	cin = FDOPEN_SOCKET(s, "r");
+-	cout = FDOPEN_SOCKET(s, "w");
++	cout = FDOPEN_SOCKET(t, "w");
+ 	if (cin == NULL || cout == NULL) {
+ 		fprintf(stderr, "ftp: fdopen failed.\n");
+ 		if (cin) {
+@@ -1448,6 +1453,8 @@
+ 	int a1,a2,a3,a4,p1,p2;
+ 
+ 	if (passivemode) {
++		if (data != INVALID_SOCKET)
++			(void) closesocket(data);
+ 		data = socket(AF_INET, SOCK_STREAM, 0);
+ 		if (data == INVALID_SOCKET) {
+ 			PERROR_SOCKET("ftp: socket");
+@@ -2366,4 +2371,16 @@ FILE* fdopen_socket(SOCKET s, char* mode
+ 
+ 	return f;
+ }
++#else
++/* Non-Win32 case takes the address of the variable so that we can "take
++ * ownership" of the descriptor number. */
++FILE* fdopen_socket(int *s, char* mode)
++{
++	FILE *fp;
++	fp = fdopen(*s, mode);
++	if (fp) {
++		*s = INVALID_SOCKET;
++	}
++	return fp;
++}
+ #endif /* _WIN32 */
+diff -up krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h
+--- krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h	2007-08-03 00:53:35.000000000 -0400
++++ krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h	2007-08-03 00:53:39.000000000 -0400
+@@ -48,7 +48,8 @@ FILE* fdopen_socket(SOCKET s, char* mode
+ #define PERROR_SOCKET(str) do { errno = SOCKET_ERRNO; perror(str); } while(0)
+ #else
+ #define FCLOSE_SOCKET(f) fclose(f)
+-#define FDOPEN_SOCKET(s, mode) fdopen(s, mode)
++FILE* fdopen_socket(int *s, char* mode);
++#define FDOPEN_SOCKET(s, mode) fdopen_socket(&s, mode)
+ #define SOCKETNO(fd) (fd)
+ #define PERROR_SOCKET(str) perror(str)
+ #endif
diff --git a/krb5.spec b/krb5.spec
index 5ad2193..e0b25cb 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -96,6 +96,7 @@ Patch68: krb5-trunk-spnego_delegation.patch
 Patch69: krb5-trunk-seqnum.patch
 Patch70: krb5-trunk-kpasswd_tcp2.patch
 Patch71: krb5-1.6.2-dirsrv-accountlock.patch
+Patch72: krb5-1.6.3-ftp_fdleak.patch
 
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
@@ -226,6 +227,10 @@ to obtain initial credentials from a KDC using a private key and a
 certificate.
 
 %changelog
+* Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com>
+- ftp: don't lose track of a descriptor on passive get when the server fails to
+  open a file
+
 * Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com>
 - in login, allow PAM to interact with the user when they've been strongly
   authenticated
@@ -1309,6 +1314,7 @@ popd
 %patch69 -p0 -b .seqnum
 #%patch70 -p0 -b .kpasswd_tcp2
 %patch71 -p1 -b .dirsrv-accountlock
+%patch72 -p1 -b .ftp_fdleak
 cp src/krb524/README README.krb524
 gzip doc/*.ps